wwikiqo
About

restrict

Keyword in C (programming language)

In the C programming language, restrict is a type qualifier that can be applied to a pointer to hint to the compiler that for the lifetime of that pointer, no other pointer will be used to access the same pointed-to object. This limits the effects of pointer aliasing, which can allow the compiler to make optimizations that would not otherwise be possible. Undefined behaviour results if the declaration of intent is not followed and the object is accessed by an independent pointer.

Restrict

In the C programming language, restrict is a type qualifier that can be applied to a pointer to hint to the compiler that for the lifetime of that pointer, no other pointer will be used to access the same pointed-to object. This limits the effects of pointer aliasing, which can allow the compiler to make optimizations (such as vectorization) that would not otherwise be possible. Undefined behaviour results if the declaration of intent is not followed and the object is accessed by an independent pointer.

The restrict keyword was introduced by the C99 standard. Despite C++ supporting most features of C, restrict is not included in standard C++.

Optimization

If the compiler knows that there is only one pointer to a memory block, it can produce better optimized code. For instance, in a function updatePointers() which adds a value x to both its arguments a and b:

void updatePointers(size_t* a, size_t* b, size_t* x) {
    *a += *x;
    *b += *x;
}

In the above code, the pointers a, b, and x might refer to the same memory location, so the compiler may generate less optimal code:

; Hypothetical RISC Machine.
ldr r12, [x]     ; Load memory at x to r12.
ldr r3, [a]      ; Load memory at a to r3.
add r3, r3, r12  ; Perform addition: r3 = r3 + r12.
str r3, [a]      ; Store r3 to memory location a, updating the value.
ldr r3, [b]      ; 'load' may have to wait until preceding 'store' completes.
ldr r12, [x]     ; Have to load a second time to ensure consistency.
add r3, r3, r12
str r3, [b]

However, if the restrict keyword is used and the above function is declared as

void updatePointers(size_t* restrict a, size_t* restrict b, size_t* restrict x) {
    *a += *x;
    *b += *x;
}

then the compiler is allowed to assume that a, b, and x point to different locations and updating the memory location referenced by one pointer will not affect the memory locations referenced by the other pointers. The programmer, not the compiler, is responsible for ensuring that the pointers do not point to identical locations. The compiler can e.g. rearrange the code, first loading all memory locations, then performing the operations before committing the results back to memory.

ldr r12, [x]    ; Note that x is now only loaded once.
ldr r3, [a]     ; Also, all 'load's in the beginning ...
ldr r4, [b]
add r3, r3, r12
add r4, r4, r12
str r3, [a]     ; ... all 'store's in the end.
str r4, [b]

The above assembly code is shorter because x is loaded only once. Without x being restricted, it is possible for a to alias with it. This would result in x changing on the first addition, when a is updated, and thus needing to be reloaded. The above assembly code is also faster, since the compiler can rearrange the code more freely. In the second version of the above example, the store operations are all taking place after the load operations, ensuring that the processor won't have to block in the middle of the code to wait until the store operations are complete. This reordering is enabled because pointers a and b were marked with restrict, which ensures that the user won't call the function with these pointers aliased, expecting x to be added twice to the integer they both refer to.

Note that the real generated code may have different behaviors, depending on how the compiler uses the additional information. The benefit with the above mini-example may be small, and in real-life cases large loops doing heavy memory access tends to be what is really helped by restrict.

As mentioned above, how incorrect code behaves is undefined. The compiler only ensures the generated code works properly if the code follows the declaration of intent, and the optimizations it enables will likely cause the code to behave incorrectly when the pointers are aliased. Compilers may detect and warn in some cases where pointers are aliased, but are not required to.

Support by C++ compilers

C++ does not have standard support for restrict, but many compilers have equivalents that usually work in both C++ and C, such as the GCC's and Clang's __restrict__, and Visual C++'s __declspec(restrict). In addition, __restrict is supported by those three compilers. The exact interpretation of these alternative keywords vary by the compiler:

  • In Unix-style compilers such as GCC and Clang, __restrict and __restrict__ mean exactly the same as their C counterpart. Extensions include allowing them to be applied to reference types and this.[1]
  • In Visual C++, multiple no-alias qualifiers are provided:
    1. __declspec(restrict) applies to the function declaration and hints that the returned pointer is not aliased.
    2. __restrict is used in the same place as restrict, but the no-alias hint does not propagate as in restrict. It is also extended for union types.

restrict remains usable in an extern "C" (C linkage) context.

Compiler warnings

To help prevent incorrect code, some compilers and other tools try to detect when overlapping arguments have been passed to functions with parameters marked restrict.[2] The CERT C Coding Standard considers misuse of restrict and library functions marked with it (EXP43-C) a probable source of software bugs.

References

  1. "Restricted Pointers". Using the GNU Compiler Collection (GCC).
  2. "Warning Options: -Wrestrict". GCC. Retrieved 19 November 2019.